Nude Deepfakes: What is EU Doing to Prevent Women from Cyber Harassment


The disturbing rise of sexual deepfakes

Deepfakes are a worry in digital development in this age of rapid technical advancement. This article delves deeply into the workings of deepfake technology, exposing both its potential dangers and its constantly changing capabilities.

The manipulation of images and videos to make sexually oriented content may be considered a criminal offense across all the European Union nations. 

The first directive on violence against women will move through its final approval stage by April 2024. 

With the help of AI programs, these images are being modified to undress women without their consent. 

What changes will the new directive bring? And what will happen if the women who live in the European Union are the target of manipulation but the attacks happen in countries outside the European Nation?

The victims: Women

If you are wondering how easy it is to create sexual deepfakes, some websites are just a click away and provide free-of-cost services.

According to the 2023 State of Deepfakes research, it takes around 25 minutes to create a sexual deepfake, and it's free. You just need a photo and the face has to be visible. 

A sample of 95000 deepfake videos were analyzed between 2019 and 2023, and the research discloses that there has been a disturbing 550% increase. 

AI and Deepfakes expert Henry Aider says the people who use these stripping tools want to humiliate, defame, or traumatize, and in some incidents seek sexual pleasure. 

“And it's important to state that these synthetic stripping tools do not work on men. They are explicitly designed to target women. So it's a good example of a technology that is explicitly malicious. There's nothing neutral about that,” says Henry.

The makers of nude deepfakes search for their target's pictures "anywhere and everywhere" on the web. The pictures can be taken from your Instagram account, Facebook account, or even your WhatsApp display picture. 

Prevention: What to do?

When female victims come across nude deepfakes of themselves, there's a societal need to protect them. 

But the solution lies not in the prevention, but in taking immediate actions to remove them. 

Amanda Manyame, Digital Law and Rights Advisor at Equality Now, says “I'm seeing that trend, but it's like a natural trend any time something digital happens, where people say don't put images of you online, but if you want to push the idea further is like, don't go out on the street because you can have an accident.” The expert further says, “unfortunately, cybersecurity can't help you much here because it's all a question of dismantling the dissemination network and removing that content altogether.”

Today, the victims of nude deepfakes seek various laws like the General Data Protection Regulation, the European Union's Privacy Law, and national defamation laws to seek justice and prevention. 

To the victims who suffer such an offense, it is advisable to take screenshots or video recordings of the deepfake content and use them as proof while reporting it to the police and social media platforms where the incident has happened. 

“There is also a platform called StopNCII, or Stop Non-Consensual Abuse of Private Images, where you can report an image of yourself and then the website creates what is called a 'hash' of the content. And then, AI is then used to automatically have the content taken down across multiple platforms,” says the Digital Law and Rights Advisor at Equality Now.

Global Impact

The new directive aims to combat sexual violence against women; all 27 member states will follow the same set of laws to criminalize all forms of cyber-violence, such as sexually motivated "deepfakes."

Amanda Manyame says “The problem is that you might have a victim who is in Brussels. You've got the perpetrator who is in California, in the US, and you've got the server, which is holding the content in maybe, let's say, Ireland. So, it becomes a global problem because you are dealing with different countries.”

Addressing this concern, the MEP and co-author of the latest directive explains that "what needs to be done in parallel with the directive" is to increase cooperation with other countries, "because that's the only way we can also combat crime that does not see any boundaries."

“Unfortunately, AI technology is developing very fast, which means that our legislation must also keep up. So we need to revise the directive in this soon. It is an important step for the current state, but we will need to keep up with the development of AI,” Evin Incir further admits.

EU Takes a Leap Forward with Cybersecurity Certification Scheme

EUCC

What is the EU cybersecurity certification scheme?

The EUCC, or EU cybersecurity certification scheme, has an implementing rule that was adopted by the European Commission. The result is consistent with the cybersecurity certification methodology under consideration on EUCC, which was created by ENISA in response to a request from the European Commission.

An ad hoc working group (AHWG) made up of subject matter experts from various industrial sectors and National Cybersecurity Certification Authorities (NCCAs) of EU member states provided support to ENISA in the design of the candidate scheme.

ENISA is appreciative of the efforts made by the Stakeholder Cybersecurity Certification Group (SCCG) as well as the advice and assistance provided by Member States through the European Cybersecurity Certification Group (ECCG).

It is anticipated that the EUCC sets the path for the upcoming schemes that are presently being developed, as it is the first cybersecurity certification system accepted by the EU. While the cybersecurity certification framework is optional, an implementing act is a component of the EU Law, or "acquis communautaire." National certification programs that were previously part of the SOG-IS agreement will eventually be replaced by EUCC.

"The adoption of the first cybersecurity certification scheme marks a milestone towards a trusted EU digital single market, and it is a piece of the puzzle of the EU cybersecurity certification framework that is currently in the making," stated Juhan Lepassaar, Executive Director of the EU Agency for Cybersecurity.

About EUCC

The new program is compliant with the EU cybersecurity certification system, as stipulated by the 2019 Cybersecurity Act. Raising the degree of cybersecurity for ICT goods, services, and procedures on the EU market was the aim of this framework. It accomplishes this by establishing a thorough set of guidelines, technical standards, specifications, norms, and protocols that must be followed throughout the Union.

The new voluntary EUCC program enables ICT vendors to demonstrate proof of assurance by putting them through a commonly recognized EU assessment procedure. This approach certifies ICT goods, including hardware, software, and technological components like chips and smartcards.

The program is built around the tried-and-true SOG-IS Common Criteria assessment framework, which is currently in use in 17 EU Member States. Based on the degree of risk connected to the intended use of the good, service, or process in terms of the likelihood and consequence of an accident, it suggests two levels of assurance.

The complete plan has been customized to meet the requirements of the EU Member States through thorough research and consultation. Hence, European enterprises can compete on a national, Union, and international scale thanks to the certification processes implemented throughout the Union.

What next?

In collaboration with the Ad-hoc working group, ENISA developed the candidate scheme, defining and agreeing upon the security requirements as well as generally recognized assessment techniques.

Following ECCG's opinion, ENISA forwarded the draft scheme to the European Commission. As a result, the European Commission issued an implementing act, which was later approved through the pertinent comitology procedure.

The enacted legislation anticipates a transitional period wherein firms will reap the advantages of current certifications obtained under national systems in a subset of Member States. Accreditation and notice are available to Conformity Assessment Bodies (CABs) who are interested in evaluating against the EUCC. After evaluating their solutions against any updated or new standards outlined in the EUCC, vendors will be able to convert their current SOG-IS certificates into EUCC ones.

Other certificates

Two further cybersecurity certification programs, EUCS for cloud services and EU5G for 5G security, are presently being developed by ENISA. Additionally, the Agency is assisting the European Commission and Member States in developing a certification plan for the eIDAS/wallet and has conducted a feasibility assessment on EU cybersecurity certification standards for AI. A managed security services (MSSP) program is envisioned in a recent modification to the Cybersecurity Act proposed by the European Commission.

Privacy Watchdog Fines Italy’s Trento City for Privacy Breaches in Use of AI


Italy’s privacy watchdog has recently fined the northern city of Trento since they failed to keep up with the data protection guidelines in how they used artificial intelligence (AI) for street surveillance projects. 

Trento was the first local administration in Italy to be sanctioned by the GPDP watchdog for using data from AI tools. The city has been fined a sum of 50,000 euros (454,225). Trento has also been urged to take down the data gathered in the two European Union-sponsored projects. 

The privacy watchdog, known to be one of the most proactive bodies deployed by the EU for evaluating AI platform compliance with the bloc's data protection regulations, temporarily outlawed ChatGPT, a well-known chatbot, in Italy. In 2021, the authority also reported on a facial recognition system tested under the Italian Interior Ministry, which did not meet the terms of privacy laws.

Concerns around personal data security and privacy rights have been brought up by the rapid advancements in AI across several businesses.

Following a thorough investigation of the Trento projects, the GPDP found “multiple violations of privacy regulations,” they noted in a statement, while also recognizing how the municipality acted in good faith.

Also, it mentioned that the data collected in the project needed to be sufficiently anonymous and that it was illicitly shared with third-party entities. 

“The decision by the regulator highlights how the current legislation is totally insufficient to regulate the use of AI to analyse large amounts of data and improve city security,” it said in a statement.

Moreover, in its presidency of the Group of Seven (G7) major democracies, the government of Italy, which is led by Prime Minister Giorgia Meloni, has promised to highlight the AI revolution.

Legislators and governments in the European Union reached a temporary agreement in December to regulate ChatGPT and other AI systems, bringing the technology one step closer to regulations. One major source of contention concerns the application of AI to biometric surveillance.  

Open AI Moves to Minimize Regulatory Risk on Data Privacy in EU

 

While the majority of the world was celebrating the arrival of 2024, it was back to work for ChatGPT's parent company, OpenAI. 

After being investigated for violating people's privacy, the firm is believed to be rushing against the clock to do everything in its capacity to limit the regulatory risk in the EU. This is the primary reason why the company has returned to work on amending its terms and conditions. 

With a line of investigations in place to combat data protection issues concerning how chatbots process user data and how they produce data in general, including those coming from top watchdogs in the region, ChatGPT's powerful AI offering was accused of negatively impacting users' privacy. 

Things even got bad enough for Italy to temporarily halt the AI tool after determining that the company needed to modify some data and the degree of control granted to users generally. 

Now, OpenAI is sending out emails detailing how it has modified its ChatGPT service in the regions where the most concerns have arisen. They have made clear which entity, as stated in their privacy policy, is in charge of processing and regulating personal data.

The latest terms established the firm's Dublin subsidiary as the primary regulator for user data across the EEA region, including Switzerland. 

The company claimed that this would be effective as early as next month. If there is any disagreement on the matter, users are advised to delete their OpenAI accounts immediately. More discussion was conducted about how the GDPR's OSS would be implemented for firms processing EU data in order to better coordinate privacy oversights through a single supervisory body operating in the EU. 

Such a status makes it less likely that privacy watchdogs operating in other parts of the world will take action on these issues. They would have to go the path previously. The supervisor of the main firm can now receive complaints from them and address any issues. 

If an immediate risk arises, GDPR regulators would maintain the authority to intervene through local means. This year, we saw the company establish an office in Ireland's capital and hire numerous professionals for senior legal and privacy positions. However, the majority of the company's open roles are still in the United States. 

However, due to Brexit, the company's users in the United Kingdom are excluded from the entire legal basis on which OpenAI's transfer to Ireland operates. Since its inception, the EU's GDPR has failed to function and apply to those in the United Kingdom. 

A lot is going on here, and it will be interesting to see how the change in OpenAI's terms affects the regulatory risk at its peak in the EU.

Europol Dismantles Ukrainian Ransomware Gang

A well-known ransomware organization operating in Ukraine has been successfully taken down by an international team under the direction of Europol, marking a major win against cybercrime. In this operation, the criminal group behind several high-profile attacks was the target of multiple raids.

The joint effort, which included law enforcement agencies from various countries, highlights the growing need for global cooperation in combating cyber threats. The dismantled group had been a prominent player in the world of ransomware, utilizing sophisticated techniques to extort individuals and organizations.

The operation comes at a crucial time, with Ukraine already facing challenges due to ongoing geopolitical tensions. Europol's involvement underscores the commitment of the international community to address cyber threats regardless of the geopolitical landscape.

One of the key events leading to the takedown was a series of coordinated raids across Ukraine. These actions, supported by Europol, aimed at disrupting the ransomware gang's infrastructure and apprehending key individuals involved in the criminal activities. The raids not only targeted the group's operational base but also sought to gather crucial evidence for further investigations.

Europol, in a statement, emphasized the significance of international collaboration in combating cybercrime. "This successful operation demonstrates the power of coordinated efforts in tackling transnational threats. Cybercriminals operate globally, and law enforcement must respond with a united front," stated the Europol representative.

The dismantled ransomware gang was reportedly using the LockerGoga ransomware variant, known for its sophisticated encryption methods and targeted attacks on high-profile victims. The group's activities had raised concerns globally, making its takedown a priority for law enforcement agencies.

In the aftermath of the operation, cybersecurity experts are optimistic about the potential impact on reducing ransomware threats. However, they also stress the importance of continued vigilance and collaboration to stay ahead of evolving cyber threats.

As the international community celebrates this successful operation, it serves as a reminder of the ongoing battle against cybercrime. The events leading to the dismantlement of the Ukrainian-based ransomware gang underscore the necessity for countries to pool their resources and expertise to protect individuals, businesses, and critical infrastructure from the ever-evolving landscape of cyber threats.

Allegations of Spying in the EU Hit YouTube as it Targets Ad Blockers

 

YouTube's widespread use of ads, many of which are unavoidable, has raised concerns among some users. While some accept ads as a necessary part of the free video streaming experience, privacy advocate Alexander Hanff has taken issue with YouTube and its parent company, Google, over their ad practices. Hanff has filed a civil complaint with the Irish Data Protection Commission, alleging that YouTube's use of JavaScript code to detect and disable ad blockers violates data protection regulations.

Additionally, Hanff has filed a similar complaint against Meta, the company behind Instagram and Facebook, claiming that Meta's collection of personal data without explicit consent is illegal. Meta is accused of using surveillance technology to track user behavior and tailoring ads based on this information, a practice that Hanff believes violates Irish law.

These complaints come amid a growing focus on data privacy and security in the EU, which has implemented stricter regulations for Big Tech companies. In response, Google has expanded its Ads Transparency Center to provide more details on how advertisers target consumers and how ads are displayed. 

The company has also established a separate Transparency Center to showcase its safety policy development and enforcement processes. Google has committed to continued collaboration with the European Commission to ensure compliance with regulations.

Hanff's complaints could be the first of many against Google, Meta, and other tech giants, as legislators and the public alike express increasing concerns over market competition and data privacy. 

If additional regulations are implemented, these companies will have to adapt their practices accordingly. The potential impact on their profits remains to be seen, but compliance could ultimately prove less costly than facing financial penalties.

Russian Exiled Journalist Says EU Should Ban Spyware


The editor-in-chief of the independent Russian news site Meduza has urged the European Union to enact a comprehensive ban on spyware, given that spyware has been frequently used to violate human rights.

According to Ivan Kolpakov, Meduza’s editor-in-chief based in Latvia, it was obvious that Europeans should be very concerned about Pegasus in light of the discoveries regarding the hacking of his colleague Galina Timichenko by an as-yet-unconfirmed EU country.

“If they can use it against an exiled journalist there are no guarantees they cannot use it against local journalists as well[…]Unfortunately, there are a lot of fans in Europe, and we are not only talking about Poland and Hungary, but Western European countries as well,” said Kolpakov.

Since last month, the European Commission has been working on guidelines for how governments could employ surveillance technologies like spyware in compliance with EU data privacy and national security rules. Despite the fact that member states are responsible for their own national security, the Commission is considering adopting a position after learning that 14 EU governments had purchased the Pegasus technology from NSO Group.

Apparently, Timichenko was targeted by Pegasus in February 2023 when she was in Berlin for a private gathering of Russian media workers in exile. The meeting's subject was the threats posed by the Russian government's categorization of independent Russian media outlets as foreign agents.

Taking into account the work that Timichenko deals with, Russia was first suspected; but, according to the digital rights organization Access Now, additional information suggests that one of the intelligence services of an EU member state — the exact one is yet unknown — is more likely to be to blame.

Allegedly, the motive behind the hack could be that numerous Baltic nations, to whom Russia has consistently posed a threat, are worried that a few FSB or GRU agents may have infiltrated their borders among expatriate dissidents and journalists.

“It may happen and probably it actually happens, but in my opinion, it does not justify the usage of that kind of brutal tool as Pegasus against a prominent independent journalist,” Kolpakov said.

Kolpakov believes that the revelations have left the exiled community feeling they are not safe in Europe. “This spyware has to be banned here in Europe. It really violates human rights,” he added.     

EU Makes Progress in Regulating User Data, Limiting Big Tech Control

 

The European Parliament and the Council of the EU have reached a provisional agreement on a new Data Act, aiming to regulate the usage and accessibility of consumer and corporate data within the European Union. EU industry chief Thierry Breton expressed his support for the agreement, describing it as a significant milestone in reshaping the digital landscape and fostering an innovative and open EU data economy.

The primary objective of the legislation, as outlined by the European Commission in a press release, is to grant EU end users greater control over the data generated through the use of connected devices. This includes the right to access data generated by smart objects, machines, and devices and the option to share it with external parties if desired.

The preliminary agreement encompasses several key provisions. It allows for increased data portability between different cloud providers, promotes the development of interoperability standards, and grants public sector entities the authority to access and utilize data in emergency situations. Additionally, safeguards have been incorporated to prevent unauthorized data transfers.

Concerns have been raised regarding the potential disclosure of trade secrets due to the Data Act's provisions on data sharing. Consequently, the legislation has been amended to enable companies to reject data sharing requests if they anticipate significant and irreparable economic losses as a result.

Regarded as a vital component of the EU's digital transformation, the Data Act is one of five legislative pieces designed to revamp the bloc's digital regulations. These include the Digital Markets Act, Digital Services Act, Artificial Intelligence Act, and the related Data Governance Act, collectively aiming to modernize EU digital policies.

Following the recent provisional agreement, the Data Act will undergo formal approval from both the Council and the European Parliament before becoming law. Companies will be required to comply with the legislation approximately 20 months after its approval, suggesting that it will take a couple of years for the measures outlined in the Data Act to take effect.

EU Now Wants Smartphones to Feature Replaceable Batteries

 

In a noteworthy development, the European Union (EU) is making strides to reintroduce a long-lost and highly sought-after element that has gradually vanished from the smartphone market. An upcoming regulation is currently being advocated, aiming to reinstate user-replaceable batteries as a prominent feature. This proposed rule seeks to empower consumers by enabling them to easily replace the batteries in their smartphones. 

In a significant development, the European Parliament has given its seal of approval to a novel regulation focused on the manufacturing, design, and recycling aspects of rechargeable batteries within the region. This progressive rule extends its scope beyond electric vehicles, encompassing portable batteries for mobile devices such as smartphones, tablets, and other similar gadgets. 

Under this new legislation, manufacturers will be obligated to implement design modifications that facilitate user-initiated battery removal and replacement. This aligns seamlessly with earlier reports highlighting the resurgence of removable batteries in the market. 

Removable batteries in electronic devices have gradually been replaced by sealed battery packs. Nevertheless, the prevailing sealed battery designs suffer from a significant drawback: if the battery malfunctions or fails, the entire device becomes useless and is frequently discarded. 

Although individuals with technical expertise can attempt intricate procedures to replace dead batteries in modern smartphones and devices, such endeavors pose risks to the inexperienced and may result in device damage or destruction. Moreover, a crucial question arises: without the ability to remove the battery, how does one effectively recycle it? 

Interestingly, this development follows the European Union's recent efforts to standardize USB Type C, which has compelled Apple to comply with future iPhone and product releases. This standardization initiative aims to facilitate the recovery and recycling of old batteries while reducing overall waste. 

Although this new rule is scheduled to take effect by early 2027, there is a possibility of postponement by the EU, considering the potential challenges manufacturers may face in implementing such significant redesigns. It is worth noting that sealed smartphones offer enhanced protection against environmental elements and are also viewed as a cost-cutting measure by companies. The response from different original equipment manufacturers (OEMs) to this decision remains uncertain, so stay tuned for further updates.

Using AI for Loans and Mortgages is Big Risk, Warns EU Boss

 

The mortgage lending sector is experiencing a significant revolution driven by advanced technologies like artificial intelligence (AI) and machine learning. These cutting-edge technologies hold immense potential to revolutionize the lending process. 
However, alongside the benefits, there are also valid concerns surrounding the potential implications for human employment and the need to mitigate bias and discrimination in AI-driven decision-making. 

In an interview with the BBC, Margrethe Vestager, who is the European Commission's executive vice president, emphasized the importance of implementing "guardrails" to address the significant risks associated with technology, particularly in the context of artificial intelligence (AI). 

She highlighted the need for such precautions, especially when AI is involved in decision-making processes that directly impact individuals' livelihoods, such as determining their eligibility for a mortgage. 

How is AI benefiting the Mortgage Lending Industry? 

1. Better customer experience: AI enables personalized customer experiences, allowing mortgage advisors to understand customer needs better and enhance their overall experience. 

2. Automation of routine tasks: AI automates repetitive tasks like data entry and document processing, freeing up time for mortgage advisors to focus on more strategic activities. 

3. Predictive analytics: AI analyzes data from multiple sources to provide insights into market trends and customer behavior, empowering mortgage advisors to make informed decisions and anticipate market changes. 

4. Boost risk assessment: AI algorithms analyze vast amounts of data, helping mortgage companies make better risk assessments and underwriting decisions, reducing loan defaults, and improving efficiency. 

5. Process optimization: AI identifies areas for process improvement by analyzing past transactions, enabling mortgage companies to streamline processes, reduce costs, and increase efficiency. 

6. Fraud identification: AI uses machine learning to detect potential fraud in mortgage applications, safeguarding both mortgage advisors and customers and ensuring the integrity of the lending process. 

7. Document management: AI automates document management, simplifying storage, retrieval, and management of customer information and loan documents, minimizing errors, and improving efficiency. 

8. Overcoming sales obstacles: AI tools like ChatGPT can assist in generating content ideas, helping mortgage professionals overcome content blocks, and leveraging video and social media for effective sales strategies. 

What are the risks of AI according to Margrethe Vestager? 

Recently, Margrethe Vestager said that implementing "guardrails" is crucial to mitigate the significant risks associated with technology. Specifically, she emphasized the importance of having these measures in place when AI is employed to make decisions that directly impact individuals' livelihoods, such as determining their eligibility for a mortgage. 

Although the risk of extinction due to artificial intelligence (AI) is minimal, there are other pressing concerns to address. Discrimination is a prominent issue, where individuals might not receive fair treatment based on their true identities. 

Margrethe Vestager emphasized the need to prevent bias related to gender, race, or location when AI systems are employed by banks for mortgage assessments or by social services in local communities. It is essential to prioritize fairness and equal treatment to ensure everyone is respected and valued.

EU Privacy Watchdog Forms ChatGPT Task Force

The European Union’s privacy watchdog, known as the European Data Protection Supervisor (EDPS), has recently announced the formation of a task force to examine the potential privacy and data protection issues related to the ChatGPT language model. ChatGPT is a powerful artificial intelligence (AI) system that is designed to understand natural language and generate human-like responses to queries.

The EDPS has expressed concerns that ChatGPT could potentially pose significant privacy risks if it is not properly regulated and monitored. In particular, they have highlighted the potential for ChatGPT to be used for phishing scams, identity theft, and other forms of cybercrime.

One of the key vulnerabilities of ChatGPT is its ability to learn from the data it is given. This means that if it is fed with biased or malicious data, it could learn to replicate that behavior in its responses. This could potentially lead to harmful or discriminatory behavior towards certain groups of people.

Furthermore, ChatGPT is designed to generate responses based on a given context. This means that if it is given access to sensitive information, it could potentially reveal that information to unauthorized parties. This could lead to serious privacy breaches and data leaks.

To address these concerns, the EDPS has formed a task force that will work to develop guidelines and regulations for the use of ChatGPT. This task force will bring together experts from a range of fields, including AI research, privacy law, and cybersecurity.

The task force will be tasked with developing a set of best practices and guidelines for the use of ChatGPT. This will include recommendations on how to mitigate potential privacy risks, such as using robust encryption and access controls to protect sensitive data.

Overall, the formation of the ChatGPT task force is an important step towards ensuring that the use of AI systems like ChatGPT is properly regulated and monitored. By addressing potential vulnerabilities and developing best practices for their use, the EU can help to mitigate the risks associated with these powerful technologies and ensure that they are used in a responsible and ethical manner.

The West Accuses TikTok of Espionage & Data Mining

 

TikTok is one of the few social media corporate giants that was not created by a Silicon Valley business. The parent business, ByteDance, which launched the internet service in China in 2016, has offices spread across the globe, including Paris. Nonetheless, Beijing remains the location of the parent company's main office. The claims against it, which include, among other things, some actions that are not within the purview of this social network, rest on a number of causes for concern.

TikTok will no longer be available to employees and elected officials of the European Parliament and the European Commission starting in mid-March. The United States' main worry is that the Chinese government might be able to access their citizens' data and snoop on them.

Many publications from disinformation-focused research organizations or businesses highlight how simple it is for people to come across incorrect or misleading information concerning elections or pandemics. Research from the Center for Combating Online Hate in the United States in December 2022 showed how the social network's algorithm suggested hazardous content to its teenage members, including videos about self-harm and eating disorders.

Yet, the fact that ByteDance has released two different versions of its application—Douyin, which is only available in the Chinese market, and TikTok for the rest of the world—reinforces misconceptions and wild speculation about the latter.

This comes while China and the West are engaged in a larger technology-related arms race that includes everything from surveillance balloons to computer chips. TikTok seeks a lot of user permissions, according to the Exodus Privacy organization, which examines Android apps. As a result, the program gets access to the device's microphone, contacts, camera, storage, and even geolocation information.

TikTok first needs broad access to its users' devices in order to function, display targeted adverts, or show pertinent videos. On the website of the ToSDR association, which simplifies and evaluates the general conditions of use of numerous applications and services, TikTok obtains an E score, the worst score in the list.

The federal government will reportedly also prevent the app from being downloaded on authorized devices going forward, according to Mona Fortier, president of the Canadian Treasury Board. The cautious approach of European institutions is justified in the face of difficult international relations with Beijing.








Amazon Could be Responsible for Fake Louboutin Shoe Advertisements


Online retailer Amazon may be deemed accountable for breaching luxury footwear brand Christian Louboutin’s EU trademark rights. 

According to the European Court of Justice's preliminary ruling in the case, third-party dealers were found to be advertising counterfeit red-soled stilettos on Amazon, without Louboutin's permission. 

The case came to light when the French designer filed lawsuits against Amazon in Belgium and Luxembourg, claiming that he did not authorize these products to be put on the market. 

Louboutin’s signature red-soled stilettos are apparently registered as an EU and Benelux trademark. 

The top court of the EU stated that customers could be misled into believing that Amazon is selling shoes on behalf of Louboutin when, for example, Amazon places its logo on the ads of third-party sellers and stores and ships the products. 

“These circumstances may indeed make a clear distinction difficult, and give the impression to the normally informed and reasonably attentive user that it is Amazon that markets — in its own name and on its own behalf,” the court stated. The luxury brand says that the court’s decision is “a victory for the protection of its know-how and creativity.” 

“It initiated these proceedings to obtain recognition of Amazon’s responsibility for the offering for sale of counterfeit products on its platforms by third parties. It also brought this case to encourage Amazon to play a more direct role in the fight against counterfeiting on its platforms,” Maison Louboutin said in a statement. 

The EU court concluded that it is now up to the local governments in Belgium and Luxembourg to decide whether consumers of the online marketplace believed that Amazon itself, rather than third-party vendors, was running the advertising.

DDoS-for-Hire Websites are Seized by Authorities

 

According to Europol, international police deactivated roughly 50 well-known websites that charged users to perform distributed denial-of-service attacks and detained seven people who were allegedly the sites' administrators.

Operation Power Off was a coordinated effort by law enforcement agencies in the US, the UK, the Netherlands, Poland, and Germany to combat attacks that have the potential to shut down the internet.

According to the police, the defendants misrepresented their websites as being services that could be employed for network testing while actually charging users for DDoS assaults against universities, government organizations, gaming platforms, and millions of people both domestically and overseas. Websites are rendered unavailable by DDoS attacks, which function by flooding them with unwanted traffic.

"These DDoS-for-hire websites, with paying customers both inside and outside the US, enabled network outages on a massive scale, targeting millions of victim computers around the world," said Antony Jung, special agent in charge of the operation at the FBI's field office in Anchorage, Alaska. Before purchasing or offering these illicit services, prospective users and administrators should exercise caution.

The largest DDoS-for-hire services are available on these sites, according to the UK's National Crime Agency (NCA), one of which has been used to launch more than 30 million attacks in its existence. Additionally, it has taken possession of customer data and, pending examination, may soon take legal action against UK site visitors.

DDoS Attack Is Illegal

DDoS poses the risk of lowering the barrier to entry for cybercrime. As per Europol, anyone with no technical expertise can start DDoS attacks with the press of a button for as little as $10, taking down entire networks and websites.

The harm they can cause to victims can be severe, financially crushing businesses and stripping people of necessary services provided by banks, governmental agencies, and law enforcement. Many young IT enthusiasts participate in this allegedly low-level crime feeling motivated by their imagined anonymity, unaware of the potential repercussions of such online activity.

The police take DDoS attacks seriously. Irrespective of their size, all users are monitored by law enforcement authorities, whether they are high-level hackers launching DDoS assaults against for-profit targets or casual users kicking their rivals out of video games.


Meta Penalized 276 Million by Ireland Under EU Laws

The Irish Data Protection Commission has fined Meta $276 million over the company's handling of sensitive user data.

The decision against Meta by the European Union's primary privacy watchdog is the most recent example of how regional authorities are growing more active in their enforcement of the bloc's privacy regulations against major internet corporations.

Insiders discovered the exposed data, which contained the full names, contact information, addresses, and dates of birth of users on the platform between 2018 and 2019. At the time, Meta said that the information was taken by a malicious party using a flaw that the firm addressed in 2019 and that it was the same information used in a prior leak that Motherboard had discovered in January 2021.

The DPC has fined Meta three times already this year. In connection with a slew of 2018 data breaches that compromised the personal information of as many as 30 million Facebook users, the DPC penalized Meta $18.6 million USD in March for poor record-keeping.

In a privacy issue, Meta and its affiliates, including WhatsApp and Instagram, have now been punished by Ireland three times in the last 15 months, reaching more than $900 million in monetary penalties. The other concerns include WhatsApp's transparency on how it manages user data and Instagram's management of children's data. Meta is contesting those judgments.

A representative for Meta stated that the business will reconsider the choice. The representative remarked, "Unauthorized data scraping is unacceptable and against our standards."

According to Ireland's privacy regulator, there are dozens more complaints involving numerous major tech corporations that are still pending. According to the corporations and EU officials, tech companies are currently in discussions with the European Commission, the EU's executive body, to identify which parts of each new law will apply to the particular services they provide. Beginning in the middle of next year, certain parts of the new laws will be put into effect.


Twitter's Brussels Staff Sacked by Musk 

After a conflict on how the social network's content should be regulated in the Union, Elon Musk shut down Twitter's entire Brussels headquarters.

Twitter's connection with the European Union, which has some of the most robust regulations controlling the digital world and is frequently at the forefront of global regulation in the sector, may be strained by the closing of the company's Brussels center. 

Platforms like Twitter are required by one guideline to remove anything that is prohibited in any of the EU bloc's member states. For instance, tweets influencing elections or content advocating hate speech would need to be removed in jurisdictions where such communication is prohibited. 

Another obligation is that social media sites like Twitter must demonstrate to the European Commission, the executive arm of the EU, that they are making a sufficient effort to stop the spread of content that is not illegal but may be damaging. Disinformation falls under this category. This summer, businesses will need to demonstrate how they are handling such positions. 

Musk will need to abide by the GDPR, a set of ground-breaking EU data protection laws that mandate Twitter have a data protection officer in the EU. 

The present proposal forbids the use of algorithms that have been demonstrated to be biased against individuals, which may have an influence on Twitter's face-cropping tools, which have been shown to favor youthful, slim women.

Twitter might also be obligated to monitor private conversations for grooming or images of child sexual abuse under the EU's Child Sexual Abuse Materials proposal. In the EU, there is still discussion about them.

In order to comply with the DSA, Twitter will need to put in a lot more effort, such as creating a system that allows users to flag illegal content with ease and hiring enough moderators to examine the content in every EU member state.

Twitter won't have to publish a risk analysis until next summer, but it will have to disclose its user count in February, which initiates the commission oversight process.

Two lawsuits that might hold social media corporations accountable for their algorithms that encourage dangerous or unlawful information are scheduled for hearings before the US Supreme Court. This might fundamentally alter how US businesses regulate content. 

FancyBear: Hackers Use PowerPoint Files to Deliver Malware

 

Cluster25 researchers have recently detected a threat group, APT28, also known as FancyBear, and attributed it to the Russian GRU (Main Intelligence Directorate of the Russian General Staff). The group has used a new code execution technique that uses mouse movement in Microsoft PowerPoint to deliver Graphite malware.
 
According to the researchers, the threat campaign has been actively targeting organizations and individuals in the defense and government organizations of the European Union and East European countries. The cyber espionage campaign is believed to be still active.
 

Methodology of Threat Actor

 
The threat actor allegedly entices victims with a PowerPoint file claiming to be associated with the Organization for Economic Cooperation (OECD).
 
This file includes two slides, with instructions in English and French for accessing the translation feature in Zoom. Additionally, it incorporates a hyperlink that acts as a trigger for delivering a malicious PowerShell script, which downloads a JPEG image carrying an encrypted DLL file.
 
The resulting payload, Graphite malware, is in Portable Executable (PE) form, which allows the malware operator to load other malware into the system memory.
 
“The code execution runs a PowerShell script that downloads and executes a dropper from OneDrive. The latter downloads a payload that extracts and injects in itself a new PE (Portable Executable) file, that the analysis showed to be a variant of a malware family known as Graphite, that uses the Microsoft Graph API and OneDrive for C&C communications,” states Cluster25 in its published analysis.
 
Graphite is a fileless malware that is deployed in memory only and is used by malware operators to deliver post-exploitation frameworks like Empire. Its purpose is to allow the attacker to deploy other malware into the system memory.
 
 
Based on the discovered metadata, according to Cluster25, the hackers have been preparing for the cyber campaign between January and February. However, the URLs used in the attacks were active in August and September.
 
With more hacker groups attempting to carry out such malicious cyber campaigns, the government and private sectors must deploy more powerful solutions to prevent future breaches and cyber attacks to safeguard their organizations.
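As a defender-side illustration of the hover trigger described above, the following Python script lists every mouse-over action in a .pptx file and flags those that leave the deck. It is an added example, not code from Cluster25 or the original post; it relies on the OOXML `hlinkMouseOver` element and slide relationship parts, and the function names and the sample deck are constructed for illustration.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

A_NS = "http://schemas.openxmlformats.org/drawingml/2006/main"
R_NS = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
P_NS = "http://schemas.openxmlformats.org/presentationml/2006/main"


def slide_relationships(zf, slide_path):
    """Map relationship id -> (target, is_external) for one slide part."""
    folder, name = posixpath.split(slide_path)
    rels_path = f"{folder}/_rels/{name}.rels"
    if rels_path not in zf.namelist():
        return {}
    root = ET.fromstring(zf.read(rels_path))
    return {
        rel.get("Id"): (rel.get("Target"), rel.get("TargetMode") == "External")
        for rel in root.iter(f"{{{REL_NS}}}Relationship")
    }


def find_hover_actions(pptx_bytes):
    """List every mouse-over action in a deck and flag the risky ones."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as zf:
        slides = sorted(n for n in zf.namelist()
                        if n.startswith("ppt/slides/") and n.endswith(".xml"))
        for slide in slides:
            rels = slide_relationships(zf, slide)
            root = ET.fromstring(zf.read(slide))
            # hlinkMouseOver fires on pointer hover, without a click.
            for el in root.iter(f"{{{A_NS}}}hlinkMouseOver"):
                action = el.get("action", "")
                target, external = rels.get(el.get(f"{{{R_NS}}}id"), (None, False))
                findings.append({
                    "slide": slide,
                    "action": action,
                    "target": target,
                    # In-deck navigation is normal; leaving the deck is not.
                    "suspicious": external or action.startswith("ppaction://program"),
                })
    return findings


def build_constructed_deck():
    """Constructed sample: one benign hover (next slide), one external hover."""
    slide = (
        f'<p:sld xmlns:p="{P_NS}" xmlns:a="{A_NS}" xmlns:r="{R_NS}"><p:cSld><p:spTree>'
        '<p:sp><p:nvSpPr><p:cNvPr id="2" name="Next">'
        '<a:hlinkMouseOver r:id="" action="ppaction://hlinkshowjump?jump=nextslide"/>'
        '</p:cNvPr></p:nvSpPr></p:sp>'
        '<p:sp><p:nvSpPr><p:cNvPr id="3" name="Banner">'
        '<a:hlinkMouseOver r:id="rId2"/>'
        '</p:cNvPr></p:nvSpPr></p:sp>'
        '</p:spTree></p:cSld></p:sld>'
    )
    rels = (
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId2" Type="{R_NS}/hyperlink" '
        'Target="https://example.invalid/constructed" TargetMode="External"/>'
        '</Relationships>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ppt/slides/slide1.xml", slide)
        zf.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in find_hover_actions(build_constructed_deck()):
        print(finding)
```

Hover actions that only navigate within the deck are reported but not flagged, which keeps the output usable as a triage signal on mail gateways or file shares.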

Google Drive & Dropbox Targeted by Russian Hackers

A new phishing campaign that takes advantage of legitimate cloud services like Google Drive and Dropbox to deliver malicious payloads on compromised systems has been attributed to the Russian state-sponsored hacking collective known as APT29.

In recent efforts targeting Western diplomatic stations and foreign embassies globally between early May and June 2022, the threat group APT29 also known as Cozy Bear or Nobelium has embraced this new strategy. However, the phishing documents included a link to a malicious HTML file that was used as a dropper for other harmful files, including a Cobalt Strike payload, to enter the target network.

Google and Dropbox were alerted about the operation by Palo Alto Networks, and they took measures to restrict it. Organizations and governments have been cautioned by Unit 42 researchers to maintain a high state of alert. Organizations should be cautious about their capacity to identify, inspect, and block undesirable traffic to legitimate cloud storage providers in light of APT29's new methods.

APT29, also known as Cozy Bear, Cloaked Ursa, or The Dukes, is a cyber espionage organization that seeks to gather information that supports Russia's geopolitical goals. It also carried out the SolarWinds supply-chain hack, which resulted in the compromising of several US federal agencies in 2020.

What has changed in the most recent versions is the use of cloud services like Dropbox and Google Drive to mask the group's activity and deliver additional payloads into target environments. According to reports, the attack's second version, seen in late May 2022, was further modified to host the HTML dropper in Dropbox.


The findings also line up with a recent statement from the Council of the European Union that "condemns this appalling behavior in cyberspace" and highlights the rise in hostile cyber actions carried out by Russian threat actors.

In a news release, the EU Council stated that "this increase in harmful cyber actions, in the context of the war against Ukraine, presents intolerable risks of spillover effects, misinterpretation, and possible escalation."







Russia Dubbed as the "Centre" of European-wide Cyber-Attacks

 

Since the beginning of Russia's invasion of Ukraine, the EU, UK, US, and other allies have recognized that Russia has been behind a wave of cyber-attacks. The most recent distributed denial-of-service (DDoS) attack on Viasat's commercial communications network in Ukraine, which occurred on the same day that Russia launched its full-fledged invasion, had a greater impact across Europe, disrupting wind farms and internet users. 

The outage on Viasat affected almost one-third of bigblu's 40,000 users throughout Europe, including Germany, France, Hungary, Greece, Italy, and Poland, according to Eutelsat, the parent company of bigblu satellite internet service. The incident impacted wind farms and internet users in central Europe, creating outages for thousands of Ukrainian customers. 

In this regard, the key statements by the West are as follows:

  • The European Union said that Russia was behind the strike, which occurred "one hour before" the invasion of Ukraine. 
  • Estonia: The member of the European Union went even further. With "high certainty," the country blamed the hack on Russia's military intelligence arm, saying it had "gone counter to international law." 
  • The United Kingdom's National Cyber Security Centre is "almost convinced" that Russia was behind the Viasat attack, according to the UK, citing "new UK and US intelligence." Meanwhile, the report said that "Russian Military Intelligence was probably certainly involved" in defacing Russian websites and releasing damaging spyware.

The main target, according to the joint intelligence advisory, was the Ukrainian military. "Thousands of terminals have been destroyed, rendered useless, and are unable to be restored," according to Viasat. Russian military intelligence was almost certainly involved in the January 13 attacks on Ukrainian official websites and the distribution of the destructive WhisperGate malware, according to the UK's National Cyber Security Centre (NCSC). 

"This is clear and alarming proof of an intentional and malicious attack by Russia against Ukraine, which had huge ramifications for ordinary people and businesses in Ukraine and across Europe," Foreign Secretary Liz Truss said. 

In the past, Russian criminals hijacked the updater system of Ukrainian accounting software provider MEDoc in June 2017, infecting MEDoc users with the wiper virus NotPetya. The evidence suggests that wiper malware infected several Ukrainian government networks again in 2022, and Gamaredon attacks targeted roughly 5,000 entities, including key infrastructure and government departments.

NCSC director of operations Paul Chichester addressed why the attribution was being done now, two and a half months after the occurrence, at a press conference at CYBERUK 2022. "We execute attributions in a process-driven manner; accuracy is extremely essential to us," he explained. Collaboration with international bodies such as the EU and the Five Eyes adds to the length of time it took to provide this material. 

Such cyber action aims to demoralize the public and degrade essential infrastructure. The perceived difficulty of precisely attributing the attack to any single aggressor is a benefit of conducting the earliest stages of kinetic activity in cyberspace. Putin has been emphatic in his denial of any Russian government participation in the attacks.

Analysis of Cryptocurrency Fundraising

 

A cryptocurrency is a form of digital currency meant to make internet transactions extremely safe. Investors and authorities are paying attention to the unexpected increase in the value of cryptocurrencies. The digital era has surely aided in the advancement of our understanding and use of money. We are also on the verge of a new financial revolution, which is linked to the fourth industrial revolution. There are currently 9,271 distinct cryptocurrencies available, with Bitcoin, Ethereum, Tether, BNB, and USD being the most renowned ones.  

Cryptocurrencies, despite being older than the iPad, have just entered the public sphere, with their impact being predominantly felt in the last three or four years. The aspect of digital currencies has spread to numerous banks, including JP Morgan and Wells Fargo, which are developing their own cryptos. Blockchain, AI, IoT, and a slew of other technologies are making inroads into our daily lives as more traditional concepts and technologies are scrambling to stay up or risk becoming obsolete. 

Bitcoin, one of the most popular cryptocurrencies, was launched in 2009 and employs peer-to-peer technology to enable rapid transactions without the involvement of institutional bodies such as banks or governments. A password or a private key is required to access the received cryptocurrency in the wallet. Furthermore, the transaction is safeguarded by blockchain technology when it is sent from one wallet to another.

Physical currency serves as a universal measure of worth as well as a quick means of transmitting it. The switch to such a system would almost certainly be tough, as cash may become incompatible in the blink of an eye if the crypto world advances at the current pace. Established banking institutions would almost certainly have to hustle to adapt. Governments across the world are now accepting blockchain and cryptocurrency. According to the Gartner report, 83 nations, which account for 90 percent of global GDP, are currently experimenting with or deploying Central Bank Digital Currencies, or CBDCs. While many businesses initially offered to accept Bitcoin during its first boom, this list has progressively shrunk, reinforcing doubt about the cryptocurrency's potential as a medium of trade. 

In India, cryptocurrency boomed relatively late, when it already cost millions of rupees; as a result, Indians have few Satoshis (small units of a bitcoin), but this isn't the case in every situation. People are dealing in smaller units such as milli or micro bitcoins as the worth of cryptocurrency. 

Furthermore, the price of a cryptocurrency varies between exchanges, which is a clear breach of the law of one price.

While bitcoin performs admirably as a wealth vault, its volatility makes it riskier and exposes it to increased danger of loss. Several variables influence the price of a single bitcoin, like supply and demand, competition, and regulation. Investor perceptions of cryptocurrency are also influenced by recent news events.

Crypto in India lacks other traits typically associated with modern physical currencies: cryptocurrencies cannot be deposited in a bank and must be held in digital wallets, which are costly and risky due to the possibility of hacking, staff corruption, public IP addresses, and ransomware. In many aspects, government supervision over central currency is essential for regulation, and cryptocurrencies would function with far less government oversight. Bitcoin's supply is set; there is an absolute limit of 21 million units.

In order to maintain steady price levels, the money supply must be able to rise in lockstep with macroeconomic activity, otherwise, the problem can only be solved by raising the velocity of money or by a substantial drop in prices. This might put the economy in jeopardy. 

For investors, bitcoin's artificial scarcity is a benefit: increased demand combined with inelastic supply leads to a greater price. The lack of a central regulator renders investor protection untenable and raises the likelihood of greater instability. People engage in these markets expecting that the cryptocurrencies will grow in the future; this presumption fuels speculative behaviours, and a quick shift in the presumption may cause the market to crash, injuring many naive investors. 

The magnitude of economic harm is influenced by the connectivity between crypto-assets and the traditional banking industry. According to economists, direct exposure from cryptocurrencies to the financial system might be transmitted, and indirect repercussions could expand to other asset classes. Crypto assets, according to the RBI financial stability report (2021), offer long-term risks for capital control management, financial and macroeconomic stability, and monetary policy transmission.

China has taken the toughest stance on cryptocurrencies, going from allowing crypto mining to outright prohibiting it as of June 2021. Regulations are divided between the federal and state governments in the United States and India. The EU's draft Markets in Crypto-Assets Regulation (MiCA) legislation was announced by the European Commission in September 2020. In the UK, cryptocurrency is currently supervised by the Financial Conduct Authority (FCA). It's worth noting that the South American nation was the first to declare Bitcoin to be legal cash.

If we look at the evolution of crypto as a currency, it has virtually achieved its goal of decentralisation, and major firms such as Tesla, Microsoft, and Meta are now investing in it. On the other hand, the emerging cryptocurrency has the issue of being hackable. In the long run, if cryptocurrency continues to develop at its current rate, it may eventually replace fiat currency, resolving the issues of hacking and extreme volatility.